Log In

Aussie cyber centre warns of growing threat in first report

But ACSC reveals no major national attack yet.

Malicious cyber incidents reported by Australian governments and business have more than tripled in the last three years and will cost more than $1 billion in damage in the future, but the country is yet to suffer a major attack, according to the Australian Cyber Security Centre.

The ACSC today released its first-ever unclassified cyber security threat report [pdf], which the centre's co-ordinator Clive Lines said proved the threat to Australian organisations was "undeniable, unrelenting and continues to grow".

“If every Australian organisation read this report and acted to improve their security posture, we would see a far more informed and secure Australian internet presence,” he said.

The centre has urged Australian business and government to do more to defend against cyber espionage, attack and crime.

The ACSC's warning stems from a 20 percent rise in the number of IT security threats reported to the ASD last year, which reached 1131 from 940 the year prior, and up from 313 in 2011.

Cyber incidents are growing in both number and "destructive capability", the centre said, which meant detecting and responding to the threat was becoming more difficult.

The report singled out energy providers, banking and finance, defence, transport and communications companies as the biggest private sector targets for malicious actors.

The ACSC also warned of increasing daily activity by "foreign state adversaries" but stopped short of naming any culprits.

It forcecast the cost of cyber incidents on Australian organisations would exceed the $1 billion estimate previously given by infosec firm Symantec, which only counted the cost for individuals rather than business and government.

Malware and ransomware remain the predominant cybercrime threat in Australia, according to the report. It specifically highlighted the use of GameOver Zeus, ZeroAccess, the Conficker worm, TorrentLocker and CyptoWall 2.0 as prevalent methods of attack.

Between October 2014 and January 2015, the ACMA's Australian Internet Security Initiative (AISI) reported over 15,000 malware compromises daily to internet service providers, the report stated.

Distributed denail of services (DDoS) attacks remained steady last year, the ACSC reported.

No major attack yet

However, the centre's report noted that Australia has "not yet been subjected to any activities that could be considered a cyber attack".

A cyber attack - which it classified as a deliberate act to manipulate, destruct, deny, degrade or destroy computers or networks or their information - was unlikely during peace time, the ACSC said.

It said while the threat of a more diverse set of cyber attacks in the future would rise as the barriers to enact a cyber attack diminished, adversaries were more likely to continue using disruption and vandalism to gain publicity.

The centre is a Canberra-based hub which houses cyber specialists from the AFP, ASIO, Defence, Crime Commission, ASD and CERT Australia. It was born under the former Gillard government and entered full operation at the start of the year.

Today's report is the first unclassified report to be released by the ACSC.

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.Your use of this website
constitutes acceptance of nextmedia's Privacy Policy and
Terms & Conditions.